Client/server applications generally include a “client” that runs on an access device (e.g., a personal computer (PC) or a mobile phone) with which the user interacts, and a “server” that runs on a remote server computer. The client and the server typically communicate over a network, like the Internet, by sending messages back and forth to each other.
Client/server applications may or may not incorporate or otherwise leverage a browser. As such, client/server applications may be browser-type applications (e.g., www.aol.com) which generally include a web site accessed using a browser, or non-browser type applications (e.g., AOL Instant Messenger (AIM)) which generally include a desktop client.
Client/server applications may be supported by dedicated client software or they may be supported by client/server software capable of supporting multiple client/server applications. For example a web browser may support one client/server application (e.g., a browser-type application), or it may support multiple client/server applications (e.g., non-browser type applications).
Many client/server applications are designed to support one or more specific individual users such that they necessitate authentication of the particular person interacting with the client. The authentication may be managed by the client/server applications, enabling the users to authenticate themselves with site-specific credentials for each web site.
One common way for the client/server application to manage authentication of its users involves having the client request credentials (e.g., user name and password) from the users. The client then submits the credentials to the server, and the server validates the credentials (e.g., by verifying that the submitted credentials match previously-established credentials known to the server). A successful authentication establishes an application session for the user, which typically persists until terminated by the user (e.g., by logging out or closing the client software); terminated by the client (e.g., automatically after an idle period); or terminated by the server (e.g., the server crashes).